A new frontier for crime: cybersecurity

15/01/15

The 2014 was a year full of hacker attacks: numerous companies such as Staples Inc., Neiman Marcus Inc., Home Depot Inc. and eBay Inc. reported violations of their systems and millions of their customers remained powerless in the face of data stealing with regard to their credit cards and their personal data.

However, only commercial companies have not been attacked by cyber criminals: even health care companies, such as Community Healt Systems, financial ones, such as JPMorgan Chase & Co., and entertainment, like Sony Pictures, have been victims of cyber attacks. All these acts have shaken confidence in the security offered on the Internet.

The institutions have not been inert: a particularly aggressive intervention has seen the accusation, by the US government, of Chinese infiltration hackers in American companies. Then there were interventions coordinated at international level that led to the capture of high-profile cyber criminals, an example is the Onymous operation thanks to which numerous black market sites were discovered and interrupted, including Silk Road which represented a flowing anonymous market. known for the illegal drug trade. The attack on the Net is not a passing fad: if it is true that today information and personal data are the true wealth, we are witnessing a real raid of this "gold" in a world where more and more state actors and not State utilize the Network and new technology to hire, process and store personal data that continues to be subject to cyber-attacks for data provisioning.

The discussion about security and data breach in computer science is increasingly impregnating and growing among the media and the public. Some of these discussions can be counterproductive but greater awareness and debate on cyber threats is certainly positive for security. Greater attention will therefore be paid to the dual use of technologies, such as for the anonymous Tor network, with the related benefits for privacy but security issues.

The exponential increase in technological means for the close connection between the individual and the Web will contribute to the growth of the hacking phenomenon either by criminals or by willing consumers for an in-depth analysis of the products.

Security remains a cost for companies but cybersecurity is not seen by all as a contingent problem, but a risk only for the larger ones. However, given the actual danger that these attacks represent, the strengthening of information security represents a goal for the 2015.

Multi-factor authentication is a good starting point in this scenario, in fact, in all likelihood, it could have avoided the infringement by JP Morgan Chase & Co. Apple Inc. also learned the danger of cyber-violations too late: only after the removal of a lot of data and celebrity photos - even in their intimate moments - has decided to implement iCloud authentication in two ways.

Even an intervention by the institutions to enforce strict laws on the disclosure of profit data of violations could help. Today, however, there is no uniform picture in this area, think of the United States, home of the largest data-violated companies, where each state has its own rules for cybersecurity. Certainly certain data need more attention and are already protected by specific rules, such as those concerning health that regard the Health Insurance Portability and Accountability Act, rules that must be constantly updated to keep pace with progress technological.

According to an analysis conducted by Verizon Communications Inc., third parties become aware only of the 70 / 80% of the attacks, which suggests that the various States could strengthen the monitoring capabilities and form an awareness of the risks in the users. Storing passwords in open files, for example, is a critical choice: if a hacker appropriates this file, he will have all the access keys in the clear. Thus, great care must also be taken when filling in forms online. We need to place cybersecurity not as a feature or as a convenience but as a real priority.

It is therefore very important to continue to invest in innovations in the field of computer security with a view to the fact that the Web is similar to a large safe in which the data of all of us are stored, from the most popular to the most sensitive. If any criminal, with good computer skills, were able to come into possession of valuable information, would he not be able to perform any act he wants and of any size representing a real threat to collective security?

Intervening on a remote missile control system, would it not be possible to divert the missile?

Would it not be possible to examine movements of people to plan terrorist actions?

Nicolò Giordana

(photo: US Navy)